---
title: Configuration
icon: gear
---

<Note>
  If you're self-hosting Typebot, [sponsoring
  me](https://github.com/sponsors/baptisteArno) is a great way to give back to
  the community and to contribute to the long-term sustainability of the
  project. It also comes with some perks like priority support and private
  workshops. ❤️
</Note>

Parameters marked with <span style={{color: '#ef5151'}}>\*</span> are required.

## General

| Parameter                                                         | Default | Description                                                                                                                                                                                                               |
| ----------------------------------------------------------------- | ------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| DATABASE_URL <span style={{color: '#ef5151'}}>\*</span>           |         | The database URL                                                                                                                                                                                                          |
| ENCRYPTION_SECRET <span style={{color: '#ef5151'}}>\*</span>      |         | A 256-bit key used to encrypt sensitive data. It is strongly recommended to [generate](./deploy/docker#2-add-the-required-configuration) a new one. The secret should be the same between builder and viewer.             |
| NEXTAUTH_URL <span style={{color: '#ef5151'}}>\*</span>           |         | The builder base URL. Should be the publicly accessible URL (i.e. `https://typebot.domain.com`)                                                                                                                           |
| NEXT_PUBLIC_VIEWER_URL <span style={{color: '#ef5151'}}>\*</span> |         | The viewer base URL. Should be the publicly accessible URL (i.e. `https://bot.domain.com`)                                                                                                                                |
| ADMIN_EMAIL                                                       |         | The email that will get an `UNLIMITED` plan on user creation. The associated user will be able to bypass database rules. You can provide multiple emails separated by a comma without spaces.                             |
| DEFAULT_WORKSPACE_PLAN                                            | FREE    | Default workspace plan on user creation or when a user creates a new workspace. Possible values are `FREE`, `STARTER`, `PRO`, `LIFETIME`, `UNLIMITED`. The default plan for admin user is `UNLIMITED`                     |
| DISABLE_SIGNUP                                                    | false   | Disable new user sign ups. Invited users are still able to sign up.                                                                                                                                                       |
| NEXT_PUBLIC_ONBOARDING_TYPEBOT_ID                                 |         | Typebot ID used for the onboarding. Onboarding page is skipped if not provided.                                                                                                                                           |
| DEBUG                                                             | false   | If enabled, the server will print valuable logs to debug config issues.                                                                                                                                                   |
| NEXT_PUBLIC_BOT_FILE_UPLOAD_MAX_SIZE                              |         | Limits the size of each file that can be uploaded in the bots (i.e. Set `10` to limit the file upload to 10MB)                                                                                                            |
| CHAT_API_TIMEOUT                                                  |         | The chat API execution timeout (in ms). It limits the chat API exection time. Useful to avoid getting stuck into an unwanted infinite loop. Note that it does not apply to known long-running blocks like OpenAI or else. |

## Email (Auth, notifications)

Used for sending email notifications and authentication

| Parameter             | Default   | Description                                                                                                                                                                                                                                                |
| --------------------- | --------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| SMTP_USERNAME         |           | SMTP username                                                                                                                                                                                                                                              |
| SMTP_PASSWORD         |           | SMTP password                                                                                                                                                                                                                                              |
| SMTP_HOST             |           | SMTP host. (i.e. `smtp.host.com`)                                                                                                                                                                                                                          |
| SMTP_PORT             | 25        | SMTP port                                                                                                                                                                                                                                                  |
| NEXT_PUBLIC_SMTP_FROM |           | From name and email (i.e. `'Typebot Notifications' <notifications@host.com>`)                                                                                                                                                                              |
| SMTP_SECURE           | false     | If true the connection will use TLS when connecting to server. If false (the default) then TLS is used if server supports the STARTTLS extension. In most cases set this value to true if you are connecting to port 465. For port 587 or 25 keep it false |
| SMTP_IGNORE_TLS       | undefined | If true and SMTP_SECURE is false then TLS is not used while connecting to server even if server supports STARTTLS extension.                                                                                                                               |
| SMTP_AUTH_DISABLED    | false     | To disable the authentication by email but still use the provided config for notifications                                                                                                                                                                 |

## Google Auth

<Accordion title="Requirements">

1. Head over the Credentials tab: https://console.developers.google.com/apis/credentials

2. Create a OAuth client ID. This will be your `GOOGLE_AUTH_CLIENT_ID` and `GOOGLE_AUTH_CLIENT_SECRET`

   Make sure to set the following scopes: `userinfo.email`

   The "Authorized redirect URIs" used when creating the credentials must include your full domain and end in the callback path:

   - For production:
     - https://\<YOUR_DOMAIN\>/api/auth/callback/google
   - For development:
     - http://localhost:3000/api/auth/callback/google

</Accordion>

| Parameter                 | Default | Description                                   |
| ------------------------- | ------- | --------------------------------------------- |
| GOOGLE_AUTH_CLIENT_ID     |         | The Client ID from the Google API Console     |
| GOOGLE_AUTH_CLIENT_SECRET |         | The Client secret from the Google API Console |

## Google Sheets

<Accordion title="Requirements">

1. Enable the following APIs in the Google Cloud Console: Google Sheets API, Google Picker API

2. Head over the Credentials tab: https://console.developers.google.com/apis/credentials

3. Create an API key. This will be your `NEXT_PUBLIC_GOOGLE_SHEETS_API_KEY`

4. Create a OAuth client ID. This will be your `GOOGLE_SHEETS_CLIENT_ID` and `GOOGLE_SHEETS_CLIENT_SECRET`

   Make sure to set the following scopes located in your OAuth Consent Screen: `spreadsheets`, `drive.file`
   https://developers.google.com/identity/protocols/oauth2/scopes

   The "Authorized redirect URIs" used when creating the credentials must include your full domain and end in the callback path:

   - For production:
     - https://\<YOUR_DOMAIN\>/api/credentials/google-sheets/callback
   - For development:
     - http://localhost:3000/api/credentials/google-sheets/callback

5. To avoid having to always reconnect a Google Sheets credentials every 7 days, you need to promote your OAuth client to production (https://developers.google.com/nest/device-access/reference/errors/authorization#refresh_token_keeps_expiring)

</Accordion>

| Parameter                         | Default | Description                                   |
| --------------------------------- | ------- | --------------------------------------------- |
| GOOGLE_SHEETS_CLIENT_ID           |         | The Client ID from the Google API Console     |
| GOOGLE_SHEETS_CLIENT_SECRET       |         | The Client secret from the Google API Console |
| NEXT_PUBLIC_GOOGLE_SHEETS_API_KEY |         | The API Key from the Google API Console       |

## Gmail

<Accordion title="Requirements">

1. Enable the following APIs in the Google Cloud Console: Google Sheets API, Google Picker API

2. Head over the Credentials tab: https://console.developers.google.com/apis/credentials

3. Create a OAuth client ID. This will be your `GMAIL_CLIENT_ID` and `GMAIL_CLIENT_SECRET`

   Make sure to set the following scopes located in your OAuth Consent Screen: `gmail.send`, `gmail.labels`, `userinfo.profile`, `userinfo.email`
   https://developers.google.com/identity/protocols/oauth2/scopes

   The "Authorized redirect URIs" used when creating the credentials must include your full domain and end in the callback path:

   - For production:
     - https://\<YOUR_DOMAIN\>/oauth/redirect
   - For development:
     - http://localhost:3000/oauth/redirect

4. To avoid having to always reconnect credentials every 7 days, you need to promote your OAuth client to production (https://developers.google.com/nest/device-access/reference/errors/authorization#refresh_token_keeps_expiring)

| Parameter           | Default | Description                                   |
| ------------------- | ------- | --------------------------------------------- |
| GMAIL_CLIENT_ID     |         | The Client ID from the Google API Console     |
| GMAIL_CLIENT_SECRET |         | The Client secret from the Google API Console |

</Accordion>

## Google Fonts

Used authentication in the builder and for the Google Sheets integration step.

<Accordion title="Requirements">

1. Enable the following API in the Google Cloud Console: Web Fonts Developer API

2. Head over the Credentials tab: https://console.developers.google.com/apis/credentials

3. Create an API key with access to the Web Fonts Developer API. This will be your `NEXT_PUBLIC_GOOGLE_FONTS_API_KEY`

</Accordion>

| Parameter                        | Default | Description                             |
| -------------------------------- | ------- | --------------------------------------- |
| NEXT_PUBLIC_GOOGLE_FONTS_API_KEY |         | The API Key from the Google API Console |

## GitHub (Auth)

Used for authenticating with GitHub. By default, it uses the credentials of a Typebot-dev app.

You can create your own GitHub OAuth app [here](https://github.com/settings/developers). The Authorization callback URL should be `$NEXTAUTH_URL/api/auth/callback/github`

| Parameter            | Default | Description                                                                 |
| -------------------- | ------- | --------------------------------------------------------------------------- |
| GITHUB_CLIENT_ID     |         | Application client ID. Also used to check if it is enabled in the front-end |
| GITHUB_CLIENT_SECRET |         | Application secret                                                          |

## GitLab (Auth)

Used for authenticating with GitLab.
Follow the official GitLab guide for creating OAuth2 applications [here](https://docs.gitlab.com/ee/integration/oauth_provider.html).
The Authorization callback URL should be `$NEXTAUTH_URL/api/auth/callback/gitlab`

| Parameter              | Default            | Description                                                                          |
| ---------------------- | ------------------ | ------------------------------------------------------------------------------------ |
| GITLAB_CLIENT_ID       |                    | Application client ID. Also used to check if it is enabled in the front-end          |
| GITLAB_CLIENT_SECRET   |                    | Application secret                                                                   |
| GITLAB_BASE_URL        | https://gitlab.com | Base URL of the GitLab instance                                                      |
| GITLAB_REQUIRED_GROUPS |                    | Comma-separated list of groups the user has to be a direct member of, e.g. `foo,bar` |
| GITLAB_NAME            | GitLab             | Name of the GitLab instance, used for the SSO Login Button                           |

## Facebook (Auth)

You can create your own Facebook OAuth app [here](https://developers.facebook.com/apps/create/).
The Authorization callback URL should be `$NEXTAUTH_URL/api/auth/callback/facebook`

| Parameter              | Default | Description                                                                 |
| ---------------------- | ------- | --------------------------------------------------------------------------- |
| FACEBOOK_CLIENT_ID     |         | Application client ID. Also used to check if it is enabled in the front-end |
| FACEBOOK_CLIENT_SECRET |         | Application secret                                                          |

## Azure AD (Auth)

If you are using [Azure Active Directory](https://azure.microsoft.com/en-us/services/active-directory/) for the authentication you can set the following environment variables.
The Authorization callback URL should be `$NEXTAUTH_URL/api/auth/callback/azure-ad`

| Parameter              | Default | Description                                                   |
| ---------------------- | ------- | ------------------------------------------------------------- |
| AZURE_AD_CLIENT_ID     |         | Application client ID                                         |
| AZURE_AD_CLIENT_SECRET |         | Application client secret. Can be obtained from Azure Portal. |
| AZURE_AD_TENANT_ID     |         | Azure Tenant ID                                               |

## Keycloak (Auth)

Used for authenticating with Keycloak.
Follow the official Keycloak guide for creating OAuth2 applications [here](https://www.keycloak.org/).

| Parameter              | Default | Description                       |
| ---------------------- | ------- | --------------------------------- |
| KEYCLOAK_CLIENT_ID     |         | Application client ID.            |
| KEYCLOAK_CLIENT_SECRET |         | Application secret                |
| KEYCLOAK_REALM         |         | Your Keycloak Realm               |
| KEYCLOAK_BASE_URL      |         | Base URL of the Keycloak instance |

## Custom OAuth Provider (Auth)

Your provider needs to support the [OpenID Connect](https://openid.net/connect/) standards.

| Parameter                                                             | Default                                                | Description                                              |
| --------------------------------------------------------------------- | ------------------------------------------------------ | -------------------------------------------------------- |
| CUSTOM_OAUTH_CLIENT_ID <span style={{color: '#ef5151'}}>\*</span>     |                                                        | OAuth client ID.                                         |
| CUSTOM_OAUTH_CLIENT_SECRET <span style={{color: '#ef5151'}}>\*</span> |                                                        | OAuth client secret.                                     |
| CUSTOM_OAUTH_ISSUER <span style={{color: '#ef5151'}}>\*</span>        |                                                        | OAuth issuer URL (i.e. `https://auth.domain.com/openid`) |
| CUSTOM_OAUTH_NAME                                                     | Custom OAuth                                           | Provider name. Will be displayed in the sign in form.    |
| CUSTOM_OAUTH_WELL_KNOWN_URL                                           | `CUSTOM_OAUTH_ISSUER`/.well-known/openid-configuration | Provider .well-known URL                                 |
| CUSTOM_OAUTH_USER_ID_PATH                                             | id                                                     | Used to map the id from the user info object             |
| CUSTOM_OAUTH_USER_NAME_PATH                                           | name                                                   | Used to map the name from the user info object           |
| CUSTOM_OAUTH_USER_EMAIL_PATH                                          | email                                                  | Used to map the email from the user info object          |
| CUSTOM_OAUTH_USER_IMAGE_PATH                                          | image                                                  | Used to map the image from the user info object          |
| CUSTOM_OAUTH_SCOPE                                                    | openid profile email                                   | OAuth scope                                              |

For `*_PATH` parameters, you can use dot notation to access nested properties (i.e. `account.name`).

The Authorization callback URL should be: `$NEXTAUTH_URL/api/auth/callback/custom-oauth`

## S3 Storage (Media uploads)

Used for uploading images, videos, etc... It can be any S3 compatible object storage service (Minio, Digital Oceans Space, AWS S3...)

| Parameter               | Default | Description                                                                        |
| ----------------------- | ------- | ---------------------------------------------------------------------------------- |
| S3_ACCESS_KEY           |         | S3 access key. Also used to check if upload feature is enabled                     |
| S3_SECRET_KEY           |         | S3 secret key.                                                                     |
| S3_BUCKET               | typebot | Name of the bucket where assets will be uploaded in.                               |
| S3_PORT                 |         | S3 Host port number                                                                |
| S3_ENDPOINT             |         | S3 endpoint (i.e. `s3.domain.com`).                                                |
| S3_SSL                  | true    | Use SSL when establishing the connection.                                          |
| S3_REGION               |         | S3 region.                                                                         |
| S3_PUBLIC_CUSTOM_DOMAIN |         | If the final URL that is used to read public files is different from `S3_ENDPOINT` |

Note that for AWS S3, your endpoint is usually: `s3.<S3_REGION>.amazonaws.com`

In order to function properly, your S3 bucket must be configured. Make sure to read through the [S3 configuration](./guides/s3) doc.

## Giphy (GIF picker)

Used to search for GIF. You can create a Giphy app [here](https://developers.giphy.com/dashboard/)

| Parameter                 | Default | Description   |
| ------------------------- | ------- | ------------- |
| NEXT_PUBLIC_GIPHY_API_KEY |         | Giphy API key |

## Unsplash (image picker)

Used to search for images. You can create an Unsplash app [here](https://unsplash.com/developers)

| Parameter                       | Default | Description       |
| ------------------------------- | ------- | ----------------- |
| NEXT_PUBLIC_UNSPLASH_APP_NAME   |         | Unsplash App name |
| NEXT_PUBLIC_UNSPLASH_ACCESS_KEY |         | Unsplash API key  |

## Pexels (video picker)

Used to search for videos. You can create a Pexels app [here](https://www.pexels.com/api/key/)

| Parameter                  | Default | Description    |
| -------------------------- | ------- | -------------- |
| NEXT_PUBLIC_PEXELS_API_KEY |         | Pexels API key |

## Tolgee (i18n contribution dev tool)

<Note>
  If you'd like to join contribute to Typebot's translation join the [Discord
  server](https://discord.gg/xjyQczWAXV) and ask for an access to Tolgee in the
  [#contributors
  channel](https://discord.com/channels/1155799591220953138/1155883114455900190).
</Note>

Set up these environment variables to enable [Tolgee dev tool](https://tolgee.io/features/dev-tools).

| Parameter                  | Default                                | Description             |
| -------------------------- | -------------------------------------- | ----------------------- |
| NEXT_PUBLIC_TOLGEE_API_KEY |                                        | Your Tolgee API key     |
| NEXT_PUBLIC_TOLGEE_API_URL | https://tolgee.server.baptistearno.com | The Tolgee API base URL |

## WhatsApp (Preview)

In order to be able to test your bot on WhatsApp from the Preview drawer, you need to set up a WhatsApp business app.

<Accordion title="Requirements">

## 1. [Create a WhatsApp Meta app](../deploy/whatsapp/create-meta-app)

## 2. Get the System User token

1. Go to your [System users page](https://business.facebook.com/settings/system-users) and create a new system user that has access to the related.

- Token expiration: `Never`
- Available Permissions: `whatsapp_business_messaging`, `whatsapp_business_management`

2. The generated token will be used as `META_SYSTEM_USER_TOKEN` in your viewer configuration.
3. Click on `Add assets`. Under `Apps`, look for your app, select it and check `Manage app`

## 3. Get the phone number ID

1. Go to your WhatsApp Dev Console

   <Frame>
     <img src="/images/whatsapp/dev-console.png" alt="WhatsApp dev console" />
   </Frame>

2. Add your phone number by clicking on the `Add phone number` button.
3. Select the newly created phone number in the `From` dropdown list and you will see right below the associated `Phone number ID` This will be used as `WHATSAPP_PREVIEW_FROM_PHONE_NUMBER_ID` in your viewer configuration.

## 4. Set up the webhook

1. Head over to `Quickstart > Configuration`. Edit the webhook URL to `$NEXTAUTH_URL/api/v1/whatsapp/preview/webhook`. Set the Verify token to `$ENCRYPTION_SECRET` and click on `Verify and save`.
2. Add the `messages` webhook field.

## 5. Set up the message template

1. Head over to `Messaging > Message Templates` and click on `Create Template`
2. Select the `Utility` category
3. Give it a name that corresponds to your `WHATSAPP_PREVIEW_TEMPLATE_NAME` configuration.
4. Select the language that corresponds to your `WHATSAPP_PREVIEW_TEMPLATE_LANG` configuration.
5. You can format it as you'd like. The user will just have to send a message to start the preview.

</Accordion>

| Parameter                             | Default                    | Description                                                                                                                                  |
| ------------------------------------- | -------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------- |
| META_SYSTEM_USER_TOKEN                |                            | The system user token used to send WhatsApp messages                                                                                         |
| WHATSAPP_PREVIEW_FROM_PHONE_NUMBER_ID |                            | The phone number ID from which the message will be sent                                                                                      |
| WHATSAPP_PREVIEW_TEMPLATE_NAME        |                            | The preview start template message name                                                                                                      |
| WHATSAPP_PREVIEW_TEMPLATE_LANG        | en_US                      | The preview start template message name                                                                                                      |
| WHATSAPP_CLOUD_API_URL                | https://graph.facebook.com | The WhatsApp Cloud API base URL                                                                                                              |
| WHATSAPP_INTERACTIVE_GROUP_SIZE       | 3                          | The array size of items to send to API on choice input. You can't choose a number higher than 3 if you are using the official cloud API URL. |

## Redis

In Typebot, Redis is optional and is used to:

- Rate limit the sign in requests based on user IP
- Enable multiple media upload on WhatsApp

| Parameter | Default | Description                                                          |
| --------- | ------- | -------------------------------------------------------------------- |
| REDIS_URL |         | The database URL. i.e. `redis://<username>:<password>@<host>:<port>` |

## Inngest

Inngest is optional and is used to trigger background jobs like exporting results to CSV.

| Parameter            | Default | Description                                   |
| -------------------- | ------- | --------------------------------------------- |
| INNGEST_EVENT_KEY    |         | The event key used to trigger Inngest         |
| INNGEST_SIGNING_KEY  |         | The signing key used to trigger Inngest       |
| INNGEST_POSTGRES_URI |         | The PostgreSQL URI used to store Inngest data |
| INNGEST_REDIS_URI    |         | The Redis URI used to store Inngest data      |

## PartyKit

PartyKit is optional and is used to make the webhook block work. The PartyKit configuration is located in `packages/partykit` folder. You can deploy the server into production using `bun deploy`. You can find more information about PartyKit deployment in their [official documentation](https://docs.partykit.io/guides/deploying-your-partykit-server/).

| Parameter                 | Default | Description                               |
| ------------------------- | ------- | ----------------------------------------- |
| NEXT_PUBLIC_PARTYKIT_HOST |         | PartyKit host. i.e. `partykit.typebot.io` |

## Others

The related environment variables are listed here but you are probably not interested in these if you self-host Typebot.

<Accordion title="Vercel (custom domains)">

| Parameter                              | Default | Description                                     |
| -------------------------------------- | ------- | ----------------------------------------------- |
| VERCEL_TOKEN                           |         | Vercel API token                                |
| NEXT_PUBLIC_VERCEL_VIEWER_PROJECT_NAME |         | The name of the viewer project in Vercel        |
| VERCEL_TEAM_ID                         |         | Vercel team ID that contains the viewer project |

</Accordion>

<Accordion title="Telemetry">

| Parameter                | Default | Description                                             |
| ------------------------ | ------- | ------------------------------------------------------- |
| MESSAGE_WEBHOOK_URL      |         | Webhook URL called to receive important system messages |
| USER_CREATED_WEBHOOK_URL |         | Webhook URL called whenever a new user is created       |

</Accordion>

<Accordion title="PostHog">

| Parameter                | Default                | Description              |
| ------------------------ | ---------------------- | ------------------------ |
| NEXT_PUBLIC_POSTHOG_KEY  |                        | PostHog API Key          |
| POSTHOG_API_HOST         | https://eu.posthog.com | PostHog API Host         |
| POSTHOG_PERSONAL_API_KEY |                        | PostHog personal API Key |
| POSTHOG_PROJECT_ID       |                        | PostHog project ID       |

</Accordion>

<Accordion title="System labels">

| Parameter                       | Default                                  | Description |
| ------------------------------- | ---------------------------------------- | ----------- |
| NEXT_PUBLIC_VIEWER_404_TITLE    | 404                                      |             |
| NEXT_PUBLIC_VIEWER_404_SUBTITLE | The bot you're looking for doesn't exist |             |

</Accordion>
